1 in 5 enterprises have experienced an APT attack


Tuesday, 15 July, 2014

1 in 5 enterprises have experienced an APT attack

A global study shows that one in five organisations (21%) have experienced an advanced persistent threat (APT) attack, and 66% believe it's only a matter of time before their enterprise is hit by an APT.

Yet only 15% of enterprises believe they are very prepared for an APT attack. And among the companies that have been attacked, only one in three could determine the source.

ISACA, a global association serving 115,000 IT security, risk, assurance and governance professionals, conducted the study of 1220 security professionals to determine how APTs have evolved from 2013.

"APTs are stealthy, relentless and single-minded, and their primary purpose is to extract information such as valuable research, intellectual property or government data," said Queensland-based Tony Hayes, ISACA's immediate past international president. "In other words, it is absolutely critical for enterprises to prepare for them, and that preparation requires more than the traditional technical controls."

The majority of responding organisations say their primary APT defence is technical controls such as firewalls, access lists and antivirus, which are critical for defending against traditional threats, but not sufficient for preventing APT attacks.

Nearly 40% of enterprises report that they are not using user security training and controls to defend against APT - a critical component of a successful cybersecurity plan.

Worse yet, more than 70% are not using mobile controls, even though 88% of respondents recognise that employees' mobile devices are often the gateway to an APT attack.

While more enterprises report that they are adjusting vendor management practices (23%) and incident response plans (56%) to address APTs this year, the numbers still need significant improvement.

"The good news is that more enterprises are attempting to better prepare for the APT this year," said Robert Stroud, international president of ISACA and a vice president at CA Technologies. "The bad news is that there is still a big knowledge gap regarding APTs and how to defend against them, and more security training is critically needed."

Related Articles

Emergency onboarding: what to do before and after a data breach

Organisations that have an emergency onboarding plan are better positioned to have their business...

Savvy directors are demanding more points of proof when cyber incidents occur

Pre-agreement on what a post-incident forensics effort should produce — and testing it out...

Cyber-attack prevention is better than a cure

Corporate and political decision-makers need to invest in areas that do a better job of...

Content from other channels on our network

Comms Connect New Zealand returning to Christchurch

Govt audits national mobile coverage as Telstra extends 3G closure

The critical drive for technological innovation in emergency services

Command & Control Communications at the Heart of Utilities Worldwide

ARCIA's Sydney conference and networking dinner returns

Retailers caught selling unapproved electrical appliances

Ampcontrol and Siemens partner on renewable energy solutions

SA announces smart residential energy trial

Western Power welcomes new apprentices

Avoiding another Black Summer

Ultra-pure silicon chip brings quantum computing a step closer

Low-energy process developed for high-performance solar cells

Wearable health sensor charges without wires or batteries

Enhancing the cyclability of lithium-ion battery cathodes

Experiment could enable millions of qubits on a single chip

  • All content Copyright © 2024 Westwick-Farrow Pty Ltd